Recent Posts

Recent Blog Posts

The PhishLabs Blog

Meet the Cyber Security Awareness Team: Kimber

Posted by Elliot Volkman on Oct 18, '18
Find me on:

Meet the Team: Kimber BIn our ongoing contributions to Cyber Security Awareness Month today we’re launching a two-part series designed to introduce you to some of our team.

For those who have been fortunate (unfortunate) enough to be on the receiving end of one of our phishing simulations, interacted with our microlearning modules, or training materials, you likely are unaware of some of the minds behind them. That’s why we’ve put together some brief interviews so that you can become more acquainted with people that power our security awareness training programs.

Well, that’s at least what we told them. In this week’s special Let’s Make a Phish video we’ve reintroducing you to our Senior Instructional Designer, Kimber. Along with some insight into her contributions to the team, we also asked her some questions that threat actors would love to gain access to in order to develop targeted phishing emails. Oops.

We, of course, redacted much of the information so that she can’t be phished with the information.

Common Security Questions

  1. Favorite college team?
  2. Best place to get food around town?
  3. Where are you originally from?
  4. Favorite vacation spot?
  5. Dog or cat person, and why?
  6. Favorite Book?

Do these all sound familiar? Of course they do! Many online accounts allow users to reset their password or gain access to their accounts by using one or a combination of security questions. In today’s ever-expanding digital footprint we often freely give out this information on social media, blogs, or in the unfortunately never-ending data breaches that users can’t control.

While we tried to trick Kimber, she was quickly able to spot something phishy when we prompted her. However, that is simply not the case for most users. The solution? Train users to use made up answers across different sites as keys to secret questions, so regardless of a data breach or tweeting, a threat actor can’t use that against your users.

Topics: security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events

Calendar_Mock_

Posts by Topic

see all